Hackers move to using typosquatting tactics

News by Dan Raywood

Internet users have a one in 14 chance of landing on a typosquatting site.

Internet users have a one in 14 chance of landing on a typosquatting site.


Greg Day, security analyst at McAfee, claimed that cybercriminals are ‘typosquatting', where they register common misspellings of popular domain names and products to then redirect those who make mistakes to alternative websites.


He claimed that a typical person misspelling a popular URL has a one in 14 chance of landing at a typosquatter site, where the typosquatter generates click-through advertising revenue to lure customers into scams and harvest email addresses.


Day said: “The use of URLs that look like the real thing but are in fact far from it should come as no real surprise. Just as phishing emails replicate valid messages from banks and the perpetrators of malware attempt to make you download a file by claiming it is something that will appeal to you, the bad guys out there know what the average internet user is interested in and what will appeal to the greatest number of surfers.


“This tactic is no different to physical retailers trying to pass off fake goods as something altogether more legitimate. It's important to learn what to look out for, as at worst, typosquatting can lead to innocent computer users becoming the victims of online scams or ‘get rich quick' tricks.”


Businesses should also be as wary, as customers may unwittingly be lured from their site to one that may well look similar at first glance, but is far from it.


Day pointed to a recent example, where a typosquatter site for the iPhone was set up, and although it was released fairly late in 2007, it was predicted that by the end of that year there would be approximately 8,000 URLs using “iPhone”.


“The reality is that those bad guys are always trying to stay one step ahead of us but we don't need to let them. The bottom line is that you're not sure of the URL you're looking for, you're far safer using a search engine than trying to make a guess,” said Day.


“If we stay alert, are careful with the information we share and the websites we visit, and also use security technology to block or highlight risks, there is no reason why we can't continue to get the most out of the internet.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews